 "IronKey Unveils Trusted Access Solution For Banks")
To help address the serious dangers posed by ever more sophisticated malicious software (‘malware’) that is infecting the computers of users of corporate online banking services, IronKey, a provider of secure and managed portable computing solutions, today announced its Trusted Access for Banking solution. This new product is an application and services suite that leverages the capabilities of IronKey’s Trusted Computing Environment platform to allow banks to provide identity protection, strong authentication and fraud protection at the endpoint for corporate banking customers.
“Organised cybercrime rings have begun to shift away from massive phishing attacks against individual commercial banking customers, and instead are targeting bigger players including corporate banks,” said David Jevans, CEO of IronKey. “We are committed to helping our corporate banking customers protect their customers against these threats. The IronKey solution isolates access to the online corporate banking system from the host PC, creating a trusted virtual computing environment and protecting commercial banking customers from current and next-generation malware and fraud schemes.”
IronKey Trusted Access for Banking is a purpose-built application of the IronKey multi-function security device. Corporate banking customers simply plug it into a computer, and enter their device password. Once the IronKey device is successfully unlocked, its virtualised operating system automatically runs, and a secure Web browser launches and goes directly to the bank’s website. It incorporates a locked down Web browser that is protected against malware from the host PC, and may also be configured to allow users to visit only specific websites.
Zeus/ Zbot is different than other Trojans because it gives hackers the ability to alter a Web input rendered by the victim’s browser to display its own content, mimicking a bank’s Web page form as a legitimate bank website. When the unsuspecting user completes the additional fields on the form, these private credentials are sent directly to the criminal. It can even be customised to steal information from banks in a specific geographic region.
IronKey prevents these types of man-in-the-browser attacks, and enables a trusted virtualised environment protected from malware-infected host computers. The IronKey system conducts an anti-malware scan of the host computer before enabling the secure environment, and even provides the option to boot a host operating system from the IronKey device to protect against threats on infected host computers.
The IronKey solution is available with an integrated RSA SecurID software token that generates one-time passwords, and as a result, provides a single device that serves as both a secure banking platform and a mechanism for two-factor authentication. IronKey Trusted Access for Banking has SaaS or software centralised management capabilities for policy control and reporting.
The IronKey Trusted Access for Banking solution will be available in March.